From d0dc3c79cb3e507b67ecd593c46efdf8f9082def Mon Sep 17 00:00:00 2001
From: William Kim <wkim@mitre.org>
Date: Thu, 20 Jun 2013 15:04:08 -0400
Subject: [PATCH] more unit tests for TestDefaultOAuth2ProviderTokenService.

---
 ...TestDefaultOAuth2ProviderTokenService.java | 40 ++++++++++++++++++-
 1 file changed, 39 insertions(+), 1 deletion(-)

diff --git a/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultOAuth2ProviderTokenService.java b/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultOAuth2ProviderTokenService.java
index a1e2e9744..b5b1697c7 100644
--- a/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultOAuth2ProviderTokenService.java
+++ b/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultOAuth2ProviderTokenService.java
@@ -19,6 +19,8 @@ package org.mitre.oauth2.service.impl;
 import static org.hamcrest.CoreMatchers.*;
 import static org.junit.Assert.*;
 
+import java.util.Date;
+
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -79,6 +81,11 @@ public class TestDefaultOAuth2ProviderTokenService {
 
 		client = Mockito.mock(ClientDetailsEntity.class);
 		Mockito.when(clientDetailsService.loadClientByClientId(Mockito.anyString())).thenReturn(client);
+
+		// by default in tests, allow refresh tokens
+		AuthorizationRequest clientAuth = authentication.getAuthorizationRequest();
+		Mockito.when(clientAuth.getScope()).thenReturn(Sets.newHashSet("offline_access"));
+		Mockito.when(client.isAllowRefresh()).thenReturn(true);
 	}
 
 	/**
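Review bot: The new defaults in setUp satisfy both refresh conditions for every test (the `offline_access` scope and `isAllowRefresh()` returning true), but the only negative case touched by this patch, `createAccessToken_noRefresh`, switches off the client flag alone. A second test that leaves `isAllowRefresh()` true and stubs the scope without `offline_access`, for example `Mockito.when(authentication.getAuthorizationRequest().getScope()).thenReturn(Sets.newHashSet("openid"));` (sample scope), would pin the scope check, so a regression that hands refresh tokens to requests that never asked for one is caught. This assumes the service requires both conditions, which is not visible in the patch. The setup comment could also name both, `// by default in tests, allow refresh tokens (client flag and offline_access scope)`; setUp begins outside the hunk.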
@@ -121,6 +128,8 @@ public class TestDefaultOAuth2ProviderTokenService {
 	@Test
 	public void createAccessToken_noRefresh() {
 
+		Mockito.when(client.isAllowRefresh()).thenReturn(false);
+
 		OAuth2AccessTokenEntity token = service.createAccessToken(authentication);
 
 		Mockito.verify(clientDetailsService).loadClientByClientId(Mockito.anyString());
@@ -150,5 +159,34 @@ public class TestDefaultOAuth2ProviderTokenService {
 
 	}
 
-	// TODO check expiration dates
+	/**
+	 * Checks to see that the expiration date of new tokens is being set accurately to within some delta for time skew.
+	 */
+	@Test
+	public void createAccessToken_expiration() {
+
+		Integer accessTokenValiditySeconds = 3600;
+		Integer refreshTokenValiditySeconds = 600;
+		
+		long delta = 100L;
+
+		Mockito.when(client.getAccessTokenValiditySeconds()).thenReturn(accessTokenValiditySeconds);
+		Mockito.when(client.getRefreshTokenValiditySeconds()).thenReturn(refreshTokenValiditySeconds);
+
+		long start = System.currentTimeMillis();
+		OAuth2AccessTokenEntity token = service.createAccessToken(authentication);
+		long end = System.currentTimeMillis();
+
+		// Accounting for some delta for time skew on either side.
+		Date lowerBoundAccessTokens = new Date(start + (accessTokenValiditySeconds * 1000L) - delta);
+		Date upperBoundAccessTokens = new Date(end + (accessTokenValiditySeconds * 1000L) + delta);
+		Date lowerBoundRefreshTokens = new Date(start + (refreshTokenValiditySeconds * 1000L) - delta);
+		Date upperBoundRefreshTokens = new Date(end + (refreshTokenValiditySeconds * 1000L) + delta);
+
+		assertTrue(token.getExpiration().after(lowerBoundAccessTokens) && token.getExpiration().before(upperBoundAccessTokens));
+		assertTrue(token.getRefreshToken().getExpiration().after(lowerBoundRefreshTokens) && token.getRefreshToken().getExpiration().before(upperBoundRefreshTokens));
+	}
+	
+	// TODO verify JWT stuff in createAccessToken().
+
 }
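Review bot: In `createAccessToken_expiration` each `assertTrue` joins the lower and upper bound with `&&`, so a failure does not say which bound was violated, and a missing refresh token shows up as a NullPointerException, not an assertion failure. The upper bound is the security-relevant one, since a token must not outlive the validity configured for the client, so it deserves its own assertion with a message, e.g. `assertTrue("access token outlives configured validity", token.getExpiration().before(upperBoundAccessTokens));`, preceded by `assertNotNull(token.getRefreshToken());`. The Javadoc could also state that `delta` is in milliseconds.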